Re: [PATCH] splice: fix user pointer access in get_iovec_page_array()

view
thread

Score:

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Pekka J Enberg <penberg@...>

Cc: <torvalds@...>, <linux-kernel@...>, <stable@...>, <jens.axboe@...>, <akpm@...>, <bastian@...>, <ndenev@...>, <oliver.pntr@...>

Subject: Re: [PATCH] splice: fix user pointer access in get_iovec_page_array()

Date: Sunday, February 10, 2008 - 7:37 pm

On Sun, Feb 10, 2008 at 04:47:57PM +0200, Pekka J Enberg wrote:
quoted text> From: Bastian Blank <bastian@waldi.eu.org>
> 
> The commit 8811930dc74a503415b35c4a79d14fb0b408a361 ("splice: missing user
> pointer access verification") added access_ok() to copy_from_user_mmap_sem()
> which only ensures we can copy the struct iovecs from userspace to the kernel
> but we also must check whether we can access the actual memory region pointed
> to by the struct iovec to close the local root exploit.
> 
> Cc: <stable@kernel.org>
> Cc: Jens Axboe <jens.axboe@oracle.com>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi>
> ---
> Bastian, can I have your Signed-off-by for this, please? Oliver, Niki, can 
> you please confirm this closes the hole?

Pekka, I confirm that it also closes the hole once backported to 2.6.22.

Willy

--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH] splice: fix user pointer access in get_iovec_page_ar..., Pekka J Enberg, (Sun Feb 10, 10:47 am)

[PATCH] vmsplice exploit fix (was: splice: fix user pointer ..., Daniel Phillips, (Mon Feb 11, 3:29 am)

Re: [PATCH] vmsplice exploit fix (was: splice: fix user poin..., Pekka Enberg, (Mon Feb 11, 3:49 am)

Re: [PATCH] vmsplice exploit fix (was: splice: fix user poin..., Daniel Phillips, (Mon Feb 11, 4:00 am)

Re: [stable] [PATCH] vmsplice exploit fix (was: splice: fix ..., Greg KH, (Mon Feb 11, 3:53 am)

Re: [stable] [PATCH] vmsplice exploit fix (was: splice: fix ..., Daniel Phillips, (Mon Feb 11, 4:05 am)

Re: [PATCH] splice: fix user pointer access in get_iovec_pag..., Willy Tarreau, (Sun Feb 10, 7:37 pm)

Re: [PATCH] splice: fix user pointer access in get_iovec_pag..., Oliver Pinter, (Mon Feb 11, 2:24 am)

Re: [PATCH] splice: fix user pointer access in get_iovec_pag..., Bastian Blank, (Sun Feb 10, 11:17 am)

Re: [PATCH] splice: fix user pointer access in get_iovec_pag..., Oliver Pinter, (Sun Feb 10, 11:31 am)

Navigation

Mail archive search

Popular discussions


linux-kernel:
David Miller	Slow DOWN, please!!!
Tomasz Kłoczko	Is it time for remove (crap) ALSA from kernel tree ?
holzheu	[RFC/PATCH] Documentation of kernel messages
Jiri Kosina	HID merge plans for 2.6.28
git:
ir0s	Local branch ahead of tracked remote branch but git push claims everything up-to-d...
Elijah Newren	Trying to use git-filter-branch to compress history by removing large, obsolete bi...
Shawn O. Pearce	Re: pack operation is thrashing my server
Aubrey Li	git proxy issue
linux-netdev:
KOSAKI Motohiro	[bug?] tg3: Failed to load firmware "tigon/tg3_tso.bin"
Jussi Kivilinna	[PATCH 01/14] Fix sparse warning: returning void-valued expression
Roland Dreier	Re: setsockopt()
Shyam_Iyer	RE: [RFC][PATCH 1/1] cxgb3i: cxgb3 iSCSI initiator
openbsd-misc:
L. V. Lammert	'Nother broken package - git-1.5.4.2
Jason Dixon	Wasting our Freedom
Pau	acer aspire one dmesg?
GVG GVG	ssh_exchange_identification: Connection closed by remote host

Latest forum posts


high memory	1 hour ago	Linux kernel
semaphore access speed	3 hours ago	Applications and Utilities
the kernel how to power off the machine	4 hours ago	Linux kernel
Easter Eggs in windows XP	7 hours ago	Windows
Shared swap partition	8 hours ago	Linux general
Root password	8 hours ago	Linux general
Where/when DNOTIFY is used?	10 hours ago	Linux kernel
How to convert Linux Kernel built-in module into a loadable module	13 hours ago	Linux kernel
Linux 2.6.24 and I/O schedulers	13 hours ago	Linux kernel
USB Driver -- Interrupt Polling -- A Little Help Please	19 hours ago	Linux general

Show all forums...

Recent Tags

-rc8 Linux 2.6.27 quote 2.6.27-rc8 -rc Intel bugs Linus Torvalds

more tags

Colocation donated by:

Online users

Syndicate